62808ccc428f37e3edf8473d40a13209e02c28aab117231a5ff8a99d52b8824a

Analysis

max time kernel
25s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 04:25

Target

62808ccc428f37e3edf8473d40a13209e02c28aab117231a5ff8a99d52b8824a.exe
Size

320KB
MD5

17cb2ee2905dc78ee66471ea18cba4c0
SHA1

f36b39552d37b22dbd79840c3c4d795fe2124244
SHA256

62808ccc428f37e3edf8473d40a13209e02c28aab117231a5ff8a99d52b8824a
SHA512

94e3a90e5bcef2be41f4e0b07ddcdf6dd34b922a538d1040d1938a7bee35f9d3aeb1783224a725d6383b7c89253b863c320e1c2a5d88155be020fcced282666f
SSDEEP

6144:dCE06UWVEudvlEvS7/jUq6JkZWspn7SMWJyJz4vz2trz:dCLurwS7776JkV7SMWJk4vze

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1676	62808ccc428f37e3edf8473d40a13209e02c28aab117231a5ff8a99d52b8824a.exe
1676	62808ccc428f37e3edf8473d40a13209e02c28aab117231a5ff8a99d52b8824a.exe

C:\Users\Admin\AppData\Local\Temp\62808ccc428f37e3edf8473d40a13209e02c28aab117231a5ff8a99d52b8824a.exe
"C:\Users\Admin\AppData\Local\Temp\62808ccc428f37e3edf8473d40a13209e02c28aab117231a5ff8a99d52b8824a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1676

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1676-54-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download